@synapsor/runner 0.1.0-alpha.2 → 0.1.0-alpha.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +111 -4
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +5 -0
- package/dist/runner.mjs +2229 -100
- package/docs/MCP_RUNNER_IMPLEMENTATION_PLAN.md +1 -1
- package/docs/cloud-mode.md +3 -3
- package/docs/config-migrations.md +3 -3
- package/docs/demo-transcript.md +140 -52
- package/docs/first-10-minutes.md +30 -5
- package/docs/getting-started-own-database.md +27 -27
- package/docs/limitations.md +20 -0
- package/docs/local-mode.md +78 -15
- package/docs/local-ui.md +4 -4
- package/docs/mcp-audit.md +28 -7
- package/docs/mcp-client-setup.md +6 -6
- package/docs/mcp-efficiency-benchmark.md +2 -2
- package/docs/open-source-feature-inventory.md +254 -0
- package/docs/operations.md +3 -3
- package/docs/own-db-20-minutes.md +14 -14
- package/docs/recipes.md +6 -6
- package/docs/schema-inspection.md +3 -3
- package/docs/security-boundary.md +17 -0
- package/docs/shadow-mode.md +4 -4
- package/docs/troubleshooting-first-run.md +6 -6
- package/docs/writeback-executors.md +1 -1
- package/examples/reference-support-billing-app/README.md +60 -9
- package/examples/reference-support-billing-app/schema.sql +14 -1
- package/examples/reference-support-billing-app/seed.sql +12 -5
- package/examples/reference-support-billing-app/synapsor.runner.json +105 -0
- package/package.json +1 -1
package/docs/local-mode.md
CHANGED
|
@@ -23,20 +23,28 @@ Current local-mode foundation:
|
|
|
23
23
|
|
|
24
24
|
Still pending:
|
|
25
25
|
|
|
26
|
-
|
|
26
|
+
The alpha package requires Node >= 22.5.0 because the local evidence/replay
|
|
27
|
+
ledger uses Node's `node:sqlite` runtime. The published package declares that
|
|
28
|
+
engine requirement and the CLI exits early with a clear message on older Node
|
|
29
|
+
versions. The Docker-backed demo remains the recommended path when you do not
|
|
30
|
+
want to change your host Node version.
|
|
31
|
+
|
|
32
|
+
Commands in this page that use local ledger search/export or `synapsor store`
|
|
33
|
+
require this checkout or package version `0.1.0-alpha.4` or newer while npm
|
|
34
|
+
`@alpha` still points to an older alpha.
|
|
27
35
|
|
|
28
36
|
## Initialize a config
|
|
29
37
|
|
|
30
38
|
Create a starter config without putting credentials in the file:
|
|
31
39
|
|
|
32
40
|
```bash
|
|
33
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
41
|
+
npx -y -p @synapsor/runner@alpha synapsor init --engine postgres --mode review
|
|
34
42
|
```
|
|
35
43
|
|
|
36
44
|
For MySQL:
|
|
37
45
|
|
|
38
46
|
```bash
|
|
39
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
47
|
+
npx -y -p @synapsor/runner@alpha synapsor init --engine mysql --mode review --output synapsor.mysql.runner.json
|
|
40
48
|
```
|
|
41
49
|
|
|
42
50
|
The generated config uses environment-variable names for read/write URLs and trusted context. Edit the table, column, and capability names before serving tools.
|
|
@@ -49,8 +57,8 @@ persisted into proposals, evidence, query audit, runner state, or replay.
|
|
|
49
57
|
For a reviewed own-database setup generated from explicit selections, use:
|
|
50
58
|
|
|
51
59
|
```bash
|
|
52
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
53
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
60
|
+
npx -y -p @synapsor/runner@alpha synapsor init --spec onboarding-selection.json --non-interactive
|
|
61
|
+
npx -y -p @synapsor/runner@alpha synapsor doctor --config synapsor.runner.json
|
|
54
62
|
```
|
|
55
63
|
|
|
56
64
|
`doctor --config` checks config validation, required environment variables,
|
|
@@ -87,19 +95,19 @@ If neither is set, the CLI uses:
|
|
|
87
95
|
List proposals:
|
|
88
96
|
|
|
89
97
|
```bash
|
|
90
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
98
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals list --store ./.synapsor/local.db
|
|
91
99
|
```
|
|
92
100
|
|
|
93
101
|
Show a proposal:
|
|
94
102
|
|
|
95
103
|
```bash
|
|
96
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
104
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals show wrp_123 --store ./.synapsor/local.db
|
|
97
105
|
```
|
|
98
106
|
|
|
99
107
|
Approve:
|
|
100
108
|
|
|
101
109
|
```bash
|
|
102
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
110
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals approve wrp_123 \
|
|
103
111
|
--store ./.synapsor/local.db \
|
|
104
112
|
--actor local_reviewer \
|
|
105
113
|
--yes
|
|
@@ -110,7 +118,7 @@ Before approval, the CLI prints the reviewer-critical proposal details: trusted
|
|
|
110
118
|
Create a guarded writeback job from an approved proposal:
|
|
111
119
|
|
|
112
120
|
```bash
|
|
113
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
121
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals writeback-job wrp_123 \
|
|
114
122
|
--store ./.synapsor/local.db \
|
|
115
123
|
--project local \
|
|
116
124
|
--runner local_runner \
|
|
@@ -122,7 +130,7 @@ The generated job uses the public `synapsor.writeback-job.v1` protocol and can b
|
|
|
122
130
|
```bash
|
|
123
131
|
SYNAPSOR_ENGINE=postgres \
|
|
124
132
|
SYNAPSOR_DATABASE_URL="postgresql://writer:<password>@localhost:5432/app" \
|
|
125
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
133
|
+
npx -y -p @synapsor/runner@alpha synapsor apply --job job.json --config synapsor.runner.json --store ./.synapsor/local.db
|
|
126
134
|
```
|
|
127
135
|
|
|
128
136
|
Passing `--store` records the terminal `synapsor.execution-receipt.v1` locally. Replay then links the proposal, approval, writeback job, applied/conflict/failed receipt, evidence, and query audit.
|
|
@@ -130,7 +138,7 @@ Passing `--store` records the terminal `synapsor.execution-receipt.v1` locally.
|
|
|
130
138
|
Reject:
|
|
131
139
|
|
|
132
140
|
```bash
|
|
133
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
141
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals reject wrp_123 \
|
|
134
142
|
--store ./.synapsor/local.db \
|
|
135
143
|
--reason "policy evidence is incomplete" \
|
|
136
144
|
--yes
|
|
@@ -147,7 +155,7 @@ Shadow-mode proposals are inspectable through `proposals show` and `replay show`
|
|
|
147
155
|
Start a localhost-only review UI:
|
|
148
156
|
|
|
149
157
|
```bash
|
|
150
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
158
|
+
npx -y -p @synapsor/runner@alpha synapsor ui --config synapsor.runner.json --store ./.synapsor/local.db
|
|
151
159
|
```
|
|
152
160
|
|
|
153
161
|
The UI shows setup summary, semantic tools, proposal states, exact diffs,
|
|
@@ -163,19 +171,74 @@ tools, MCP commit tools, or controls that widen configured tables/columns.
|
|
|
163
171
|
Show replay:
|
|
164
172
|
|
|
165
173
|
```bash
|
|
166
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
174
|
+
npx -y -p @synapsor/runner@alpha synapsor replay show wrp_123 --store ./.synapsor/local.db
|
|
175
|
+
npx -y -p @synapsor/runner@alpha synapsor replay show --proposal wrp_123 --store ./.synapsor/local.db
|
|
176
|
+
npx -y -p @synapsor/runner@alpha synapsor replay show --replay replay_wrp_123 --store ./.synapsor/local.db
|
|
177
|
+
npx -y -p @synapsor/runner@alpha synapsor replay show --evidence ev_123 --store ./.synapsor/local.db
|
|
167
178
|
```
|
|
168
179
|
|
|
169
180
|
Export replay:
|
|
170
181
|
|
|
171
182
|
```bash
|
|
172
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
183
|
+
npx -y -p @synapsor/runner@alpha synapsor replay export wrp_123 \
|
|
173
184
|
--store ./.synapsor/local.db \
|
|
174
185
|
--output replay.json
|
|
186
|
+
|
|
187
|
+
npx -y -p @synapsor/runner@alpha synapsor replay export --proposal wrp_123 \
|
|
188
|
+
--format markdown \
|
|
189
|
+
--store ./.synapsor/local.db \
|
|
190
|
+
--output replay.md
|
|
175
191
|
```
|
|
176
192
|
|
|
177
193
|
Replay records include proposal metadata, before/after diff, events, writeback receipts, evidence summaries, and query audit rows currently stored for the proposal.
|
|
178
194
|
|
|
195
|
+
## Local evidence, query audit, and receipts
|
|
196
|
+
|
|
197
|
+
The local SQLite store is also searchable without relying on `latest`:
|
|
198
|
+
|
|
199
|
+
```bash
|
|
200
|
+
synapsor activity search \
|
|
201
|
+
--tenant acme \
|
|
202
|
+
--object invoice:INV-3001 \
|
|
203
|
+
--store ./.synapsor/local.db
|
|
204
|
+
|
|
205
|
+
synapsor evidence list \
|
|
206
|
+
--tenant acme \
|
|
207
|
+
--capability billing.inspect_invoice \
|
|
208
|
+
--source app_postgres \
|
|
209
|
+
--table invoices \
|
|
210
|
+
--store ./.synapsor/local.db
|
|
211
|
+
|
|
212
|
+
synapsor evidence show ev_123 --store ./.synapsor/local.db
|
|
213
|
+
synapsor query-audit list --evidence ev_123 --store ./.synapsor/local.db
|
|
214
|
+
synapsor receipts list --proposal wrp_123 --store ./.synapsor/local.db
|
|
215
|
+
synapsor receipts show <receipt_id> --store ./.synapsor/local.db
|
|
216
|
+
```
|
|
217
|
+
|
|
218
|
+
Read-only MCP tools record evidence bundles and query-audit rows and return an
|
|
219
|
+
evidence handle. Use `evidence show`, `evidence list`, and `query-audit list`
|
|
220
|
+
to inspect those captured rows and fingerprints later without rerunning the
|
|
221
|
+
external database read.
|
|
222
|
+
|
|
223
|
+
This is local indexed search over the runner's SQLite ledger. It is not
|
|
224
|
+
external Postgres/MySQL time travel, not native branching, and not a hosted
|
|
225
|
+
cross-runner audit ledger.
|
|
226
|
+
|
|
227
|
+
## Local store maintenance
|
|
228
|
+
|
|
229
|
+
The local ledger is a developer/staging SQLite file. You can inspect, compact,
|
|
230
|
+
or prune it without touching your source Postgres/MySQL database:
|
|
231
|
+
|
|
232
|
+
```bash
|
|
233
|
+
synapsor store stats --store ./.synapsor/local.db
|
|
234
|
+
synapsor store vacuum --store ./.synapsor/local.db
|
|
235
|
+
synapsor store prune --store ./.synapsor/local.db --older-than 30d --dry-run
|
|
236
|
+
synapsor store prune --store ./.synapsor/local.db --older-than 30d --yes
|
|
237
|
+
```
|
|
238
|
+
|
|
239
|
+
`store prune` defaults to dry-run. Use `--yes` only after reviewing the row
|
|
240
|
+
counts it will remove.
|
|
241
|
+
|
|
179
242
|
## Boundary
|
|
180
243
|
|
|
181
244
|
Local mode does not expose `approve_proposal` or `commit_proposal` as model-callable MCP tools. The intended flow is:
|
|
@@ -184,7 +247,7 @@ Local mode does not expose `approve_proposal` or `commit_proposal` as model-call
|
|
|
184
247
|
MCP tool call
|
|
185
248
|
-> reviewed semantic proposal
|
|
186
249
|
-> local store
|
|
187
|
-
-> human/
|
|
250
|
+
-> human/operator approval outside the model
|
|
188
251
|
-> guarded worker writeback
|
|
189
252
|
-> terminal receipt
|
|
190
253
|
-> replay
|
package/docs/local-ui.md
CHANGED
|
@@ -7,7 +7,7 @@ From a source checkout, use `./bin/synapsor ui ...` if the global binary is not
|
|
|
7
7
|
linked yet.
|
|
8
8
|
|
|
9
9
|
```bash
|
|
10
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
10
|
+
npx -y -p @synapsor/runner@alpha synapsor ui --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
11
11
|
```
|
|
12
12
|
|
|
13
13
|
By default it binds to localhost only and prints a per-run URL:
|
|
@@ -135,7 +135,7 @@ For normal use, do not bind the UI to anything except localhost.
|
|
|
135
135
|
For a deliberate trusted local-network demo:
|
|
136
136
|
|
|
137
137
|
```bash
|
|
138
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
138
|
+
npx -y -p @synapsor/runner@alpha synapsor ui --host 0.0.0.0 --allow-remote-bind
|
|
139
139
|
```
|
|
140
140
|
|
|
141
141
|
Do this only in an isolated environment. The local UI is not a hosted
|
|
@@ -156,8 +156,8 @@ The UI is intentionally small in the current alpha:
|
|
|
156
156
|
Use the CLI apply path after approval:
|
|
157
157
|
|
|
158
158
|
```bash
|
|
159
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
159
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals writeback-job wrp_123 --store ./.synapsor/local.db --output job.json
|
|
160
160
|
SYNAPSOR_ENGINE=postgres \
|
|
161
161
|
SYNAPSOR_DATABASE_URL="$SYNAPSOR_DATABASE_WRITE_URL" \
|
|
162
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
162
|
+
npx -y -p @synapsor/runner@alpha synapsor apply --job job.json --config synapsor.runner.json --store ./.synapsor/local.db
|
|
163
163
|
```
|
package/docs/mcp-audit.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# MCP database risk review
|
|
2
2
|
|
|
3
|
-
`npx -y -p @synapsor/runner@alpha synapsor
|
|
3
|
+
`npx -y -p @synapsor/runner@alpha synapsor audit <target>` performs a
|
|
4
4
|
static MCP database risk review over an exported tool manifest, a remote MCP
|
|
5
5
|
`tools/list` endpoint, or a stdio MCP server. The `mcp audit` subcommand is also
|
|
6
6
|
available for users who look for the command under the MCP namespace.
|
|
@@ -20,42 +20,63 @@ MCP annotations are treated as hints, not enforcement.
|
|
|
20
20
|
|
|
21
21
|
## Usage
|
|
22
22
|
|
|
23
|
+
Built-in database MCP risk example:
|
|
24
|
+
|
|
25
|
+
```bash
|
|
26
|
+
npx -y -p @synapsor/runner@alpha synapsor audit --example dangerous-db-mcp
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
Markdown output requires this checkout or package version `0.1.0-alpha.4` or
|
|
30
|
+
newer. Check `npm view @synapsor/runner@alpha version` before promoting npm
|
|
31
|
+
snippets publicly.
|
|
32
|
+
|
|
33
|
+
This bundled example does not require a source checkout or local examples file.
|
|
34
|
+
It audits a deliberately risky database MCP shape with `execute_sql`,
|
|
35
|
+
`run_query`, model-callable approval/update/delete tools, arbitrary
|
|
36
|
+
table/column inputs, and model-controlled tenant/principal fields.
|
|
37
|
+
|
|
23
38
|
Human-readable output:
|
|
24
39
|
|
|
25
40
|
```bash
|
|
26
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
41
|
+
npx -y -p @synapsor/runner@alpha synapsor audit ./tools-list.json
|
|
27
42
|
```
|
|
28
43
|
|
|
29
44
|
Remote `tools/list` endpoint with a bearer token kept in the environment:
|
|
30
45
|
|
|
31
46
|
```bash
|
|
32
47
|
SYNAPSOR_MCP_AUDIT_BEARER="..." \
|
|
33
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
48
|
+
npx -y -p @synapsor/runner@alpha synapsor audit https://mcp.example.com --format json
|
|
34
49
|
```
|
|
35
50
|
|
|
36
51
|
Remote endpoint with a custom bearer-token environment variable:
|
|
37
52
|
|
|
38
53
|
```bash
|
|
39
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
54
|
+
npx -y -p @synapsor/runner@alpha synapsor audit https://mcp.example.com --bearer-env MCP_AUDIT_TOKEN --format json
|
|
40
55
|
```
|
|
41
56
|
|
|
42
57
|
Stdio MCP server:
|
|
43
58
|
|
|
44
59
|
```bash
|
|
45
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
60
|
+
npx -y -p @synapsor/runner@alpha synapsor audit 'stdio:node ./server.mjs' --timeout-ms 5000
|
|
46
61
|
```
|
|
47
62
|
|
|
48
63
|
JSON output:
|
|
49
64
|
|
|
50
65
|
```bash
|
|
51
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
66
|
+
npx -y -p @synapsor/runner@alpha synapsor audit ./tools-list.json --format json
|
|
67
|
+
```
|
|
68
|
+
|
|
69
|
+
Markdown output for issues, PRs, or security review notes:
|
|
70
|
+
|
|
71
|
+
```bash
|
|
72
|
+
npx -y -p @synapsor/runner@alpha synapsor audit --example dangerous-db-mcp --format markdown
|
|
52
73
|
```
|
|
53
74
|
|
|
54
75
|
During local development, the repo-local wrapper can run the same command:
|
|
55
76
|
|
|
56
77
|
```bash
|
|
57
78
|
./bin/synapsor audit ./tools-list.json
|
|
58
|
-
./bin/synapsor audit ./tools-list.json --json
|
|
79
|
+
./bin/synapsor audit ./tools-list.json --format json
|
|
59
80
|
```
|
|
60
81
|
|
|
61
82
|
## Supported inputs
|
package/docs/mcp-client-setup.md
CHANGED
|
@@ -29,7 +29,7 @@ corepack pnpm test:mcp-client-configs
|
|
|
29
29
|
Print a snippet without modifying any client files:
|
|
30
30
|
|
|
31
31
|
```bash
|
|
32
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
32
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp config claude-desktop \
|
|
33
33
|
--config ./synapsor.runner.json \
|
|
34
34
|
--store ./.synapsor/local.db
|
|
35
35
|
```
|
|
@@ -47,13 +47,13 @@ vscode
|
|
|
47
47
|
The older form is still supported:
|
|
48
48
|
|
|
49
49
|
```bash
|
|
50
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
50
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp configure --client claude-desktop --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
51
51
|
```
|
|
52
52
|
|
|
53
53
|
Write is opt-in and requires an explicit destination:
|
|
54
54
|
|
|
55
55
|
```bash
|
|
56
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
56
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp configure \
|
|
57
57
|
--client cursor \
|
|
58
58
|
--config ./synapsor.runner.json \
|
|
59
59
|
--store ./.synapsor/local.db \
|
|
@@ -72,7 +72,7 @@ database URLs or passwords into the client config.
|
|
|
72
72
|
From the runner repository:
|
|
73
73
|
|
|
74
74
|
```bash
|
|
75
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
75
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp serve --config ./examples/mcp-postgres-billing/synapsor.runner.json --store ./.synapsor/local.db
|
|
76
76
|
```
|
|
77
77
|
|
|
78
78
|
For the alpha package, keep the package tag explicit in client configuration.
|
|
@@ -82,13 +82,13 @@ For the alpha package, keep the package tag explicit in client configuration.
|
|
|
82
82
|
```json
|
|
83
83
|
{
|
|
84
84
|
"mcpServers": {
|
|
85
|
-
"synapsor
|
|
85
|
+
"synapsor": {
|
|
86
86
|
"command": "npx",
|
|
87
87
|
"args": [
|
|
88
88
|
"-y",
|
|
89
89
|
"-p",
|
|
90
90
|
"@synapsor/runner@alpha",
|
|
91
|
-
"synapsor
|
|
91
|
+
"synapsor",
|
|
92
92
|
"mcp",
|
|
93
93
|
"serve",
|
|
94
94
|
"--config",
|
|
@@ -7,13 +7,13 @@ The global `synapsor` command is only needed after installing or linking the
|
|
|
7
7
|
CLI.
|
|
8
8
|
|
|
9
9
|
```bash
|
|
10
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
10
|
+
npx -y -p @synapsor/runner@alpha synapsor benchmark mcp-efficiency
|
|
11
11
|
```
|
|
12
12
|
|
|
13
13
|
For machine-readable output:
|
|
14
14
|
|
|
15
15
|
```bash
|
|
16
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
16
|
+
npx -y -p @synapsor/runner@alpha synapsor benchmark mcp-efficiency --json
|
|
17
17
|
```
|
|
18
18
|
|
|
19
19
|
The benchmark compares an included fixture, not universal model behavior.
|
|
@@ -0,0 +1,254 @@
|
|
|
1
|
+
# Synapsor Runner Open-Source Feature Inventory
|
|
2
|
+
|
|
3
|
+
Date: 2026-06-23
|
|
4
|
+
|
|
5
|
+
Branch inspected: `runner-segment-scale-adoption`
|
|
6
|
+
|
|
7
|
+
This inventory tracks the open-source runner boundary. It is not a list of
|
|
8
|
+
Synapsor Cloud or Synapsor DBMS features.
|
|
9
|
+
|
|
10
|
+
## Summary
|
|
11
|
+
|
|
12
|
+
Synapsor Runner now has a local evidence/replay ledger for real
|
|
13
|
+
Postgres/MySQL-backed MCP interactions:
|
|
14
|
+
|
|
15
|
+
- config-defined semantic MCP tools instead of raw SQL;
|
|
16
|
+
- trusted tenant/principal context binding;
|
|
17
|
+
- scoped source reads;
|
|
18
|
+
- local evidence bundles and query audit;
|
|
19
|
+
- proposal-first writes with before/proposed diffs;
|
|
20
|
+
- local approval/rejection outside MCP;
|
|
21
|
+
- guarded single-row writeback;
|
|
22
|
+
- writeback receipts;
|
|
23
|
+
- proposal replay;
|
|
24
|
+
- local indexed search over proposals, evidence, query audit, receipts, and
|
|
25
|
+
replay links.
|
|
26
|
+
- npm/package trust checks for the public `synapsor` bin and legacy
|
|
27
|
+
`synapsor-runner` alias;
|
|
28
|
+
- a fixture-only `demo --quick` that seeds an inspectable local ledger without
|
|
29
|
+
Docker;
|
|
30
|
+
- shareable MCP audit JSON/Markdown output;
|
|
31
|
+
- redacted doctor Markdown report output.
|
|
32
|
+
|
|
33
|
+
The local store is SQLite and intended for local/dev/staging usage. It is not a
|
|
34
|
+
hosted central audit ledger, not RBAC/SSO, not cross-runner search, not
|
|
35
|
+
enterprise retention, and not compliance export.
|
|
36
|
+
|
|
37
|
+
## Implemented Local Concepts
|
|
38
|
+
|
|
39
|
+
| Synapsor concept | Runner implementation | Status |
|
|
40
|
+
| --- | --- | --- |
|
|
41
|
+
| Context bindings | Trusted tenant/principal from env/static dev/HTTP/cloud session config | Implemented |
|
|
42
|
+
| Capabilities | Reviewed semantic MCP tools from `synapsor.runner.json` | Implemented |
|
|
43
|
+
| Evidence bundles | Captured/projected rows and metadata persisted locally | Implemented |
|
|
44
|
+
| Query audit | Source/table/fingerprint/row-count/redacted-parameter records | Implemented |
|
|
45
|
+
| Proposals | Immutable before/proposed change sets | Implemented |
|
|
46
|
+
| Approval | Local CLI/UI approval/rejection outside MCP | Implemented |
|
|
47
|
+
| Guarded writeback | Single-row Postgres/MySQL `UPDATE` with primary-key, tenant, allowed-column, conflict, idempotency, and affected-row checks | Implemented |
|
|
48
|
+
| Receipts | Applied/conflict/failed writeback receipts | Implemented |
|
|
49
|
+
| Replay | Proposal replay from local captured records | Implemented |
|
|
50
|
+
| MCP audit | Static risk review for database MCP tool shapes | Implemented |
|
|
51
|
+
| Local indexed search | CLI filters for activity, proposals, evidence, query audit, and receipts | Implemented |
|
|
52
|
+
|
|
53
|
+
## New Local Ledger Commands
|
|
54
|
+
|
|
55
|
+
```bash
|
|
56
|
+
synapsor activity search --tenant acme --object invoice:INV-3001
|
|
57
|
+
synapsor proposals list --tenant acme --capability billing.propose_late_fee_waiver --object invoice:INV-3001 --status approved
|
|
58
|
+
synapsor evidence list --tenant acme --capability billing.inspect_invoice --source app_postgres --table invoices
|
|
59
|
+
synapsor evidence show ev_...
|
|
60
|
+
synapsor evidence export ev_... --format json --output evidence.json
|
|
61
|
+
synapsor evidence export ev_... --format markdown --output evidence.md
|
|
62
|
+
synapsor query-audit list --evidence ev_... --source app_postgres --table invoices
|
|
63
|
+
synapsor query-audit show <audit_id>
|
|
64
|
+
synapsor query-audit export <audit_id> --format json --output audit.json
|
|
65
|
+
synapsor receipts list --proposal wrp_...
|
|
66
|
+
synapsor receipts show <receipt_id>
|
|
67
|
+
synapsor replay show --proposal wrp_...
|
|
68
|
+
synapsor replay show --replay replay_wrp_...
|
|
69
|
+
synapsor replay show --evidence ev_...
|
|
70
|
+
synapsor replay export --proposal wrp_... --format json --output replay.json
|
|
71
|
+
synapsor replay export --proposal wrp_... --format markdown --output replay.md
|
|
72
|
+
synapsor doctor --config synapsor.runner.json --report --redact --output synapsor-doctor.md
|
|
73
|
+
synapsor store stats --store ./.synapsor/local.db
|
|
74
|
+
synapsor store vacuum --store ./.synapsor/local.db
|
|
75
|
+
synapsor store prune --store ./.synapsor/local.db --older-than 30d --dry-run
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
Unknown top-level commands now return a nonzero error instead of generic help.
|
|
79
|
+
Unsupported flags on the new search/list commands fail clearly rather than
|
|
80
|
+
being silently ignored.
|
|
81
|
+
|
|
82
|
+
## Local Store Schema And Search
|
|
83
|
+
|
|
84
|
+
The store remains backward-compatible with existing local SQLite files. New
|
|
85
|
+
metadata columns are nullable and are backfilled from existing JSON where safe.
|
|
86
|
+
|
|
87
|
+
New/important searchable metadata:
|
|
88
|
+
|
|
89
|
+
- proposal tenant, principal, capability/action, business object, object id,
|
|
90
|
+
state, source, table, created time;
|
|
91
|
+
- evidence tenant, principal, capability, proposal id, business object, object
|
|
92
|
+
id, source, table, query fingerprint, created time;
|
|
93
|
+
- query audit tenant, proposal id, evidence id, source, table, primary-key
|
|
94
|
+
value, query fingerprint, created time;
|
|
95
|
+
- writeback receipt proposal id, writeback job id, idempotency key, status,
|
|
96
|
+
created time.
|
|
97
|
+
|
|
98
|
+
Indexes are created idempotently on the local store for:
|
|
99
|
+
|
|
100
|
+
- proposals by tenant/time, action/time, capability/time, principal/time,
|
|
101
|
+
object/time, state/time, source/table/time;
|
|
102
|
+
- evidence bundles by tenant/time, proposal id, created time, capability/time,
|
|
103
|
+
principal/time, object/time, source/table/time, query fingerprint/time;
|
|
104
|
+
- evidence items by evidence bundle id;
|
|
105
|
+
- query audit by evidence id, proposal id, source/table/time,
|
|
106
|
+
query fingerprint/time, tenant/time, object/time, primary-key/time;
|
|
107
|
+
- writeback receipts by proposal id, writeback job id, idempotency key,
|
|
108
|
+
status/time;
|
|
109
|
+
- replay records by proposal id and created time;
|
|
110
|
+
- approvals by proposal id and status/time;
|
|
111
|
+
- proposal events by proposal id and kind/time.
|
|
112
|
+
|
|
113
|
+
These are local metadata indexes. Runner does not index customer Postgres/MySQL
|
|
114
|
+
tables.
|
|
115
|
+
|
|
116
|
+
## Read-Only Evidence
|
|
117
|
+
|
|
118
|
+
Read-only MCP tools can record evidence bundles and query-audit rows. The MCP
|
|
119
|
+
tool response returns an evidence handle. The user can now inspect that handle
|
|
120
|
+
later:
|
|
121
|
+
|
|
122
|
+
```bash
|
|
123
|
+
synapsor evidence show ev_...
|
|
124
|
+
synapsor evidence list --tenant acme --capability billing.inspect_invoice
|
|
125
|
+
synapsor query-audit list --evidence ev_...
|
|
126
|
+
synapsor activity search --tenant acme --source app_postgres --table invoices
|
|
127
|
+
```
|
|
128
|
+
|
|
129
|
+
Read-only evidence inspection does not rerun the external database read. It
|
|
130
|
+
shows captured/projected evidence that was already persisted locally.
|
|
131
|
+
|
|
132
|
+
Proposal replay remains proposal-centric. `replay show --evidence ev_...`
|
|
133
|
+
works only when the evidence bundle is linked to a replayable proposal.
|
|
134
|
+
|
|
135
|
+
## Replay Versus Time Travel
|
|
136
|
+
|
|
137
|
+
Runner replay is local captured interaction replay:
|
|
138
|
+
|
|
139
|
+
```text
|
|
140
|
+
trusted context
|
|
141
|
+
-> captured source-row excerpt
|
|
142
|
+
-> query audit/fingerprint
|
|
143
|
+
-> proposal before/proposed diff
|
|
144
|
+
-> approval/rejection events
|
|
145
|
+
-> writeback job
|
|
146
|
+
-> terminal receipt
|
|
147
|
+
```
|
|
148
|
+
|
|
149
|
+
It is not:
|
|
150
|
+
|
|
151
|
+
- external DB time travel;
|
|
152
|
+
- `AS OF` query support over Postgres/MySQL;
|
|
153
|
+
- native branch creation;
|
|
154
|
+
- external DB merge;
|
|
155
|
+
- auto-merge;
|
|
156
|
+
- settlement-policy execution.
|
|
157
|
+
|
|
158
|
+
Synapsor-native branching, time travel, settlement, and workflow DAG execution
|
|
159
|
+
remain proprietary Synapsor Cloud/DBMS features.
|
|
160
|
+
|
|
161
|
+
## MCP Resource Boundary
|
|
162
|
+
|
|
163
|
+
MCP resources remain read-only:
|
|
164
|
+
|
|
165
|
+
- `synapsor://proposals/{proposal_id}`;
|
|
166
|
+
- `synapsor://evidence/{evidence_bundle_id}`;
|
|
167
|
+
- `synapsor://replay/{replay_id}`.
|
|
168
|
+
|
|
169
|
+
They inspect local store records and do not mutate source databases. They also
|
|
170
|
+
do not list/search all local records through MCP; local search is a CLI/local UI
|
|
171
|
+
concern.
|
|
172
|
+
|
|
173
|
+
## Not Included In OSS Runner
|
|
174
|
+
|
|
175
|
+
- C++ DBMS internals;
|
|
176
|
+
- native Synapsor branches;
|
|
177
|
+
- external DB time travel;
|
|
178
|
+
- `AS OF` external DB queries;
|
|
179
|
+
- external DB merge;
|
|
180
|
+
- auto-merge;
|
|
181
|
+
- settlement policies;
|
|
182
|
+
- workflow DAG engine;
|
|
183
|
+
- `CREATE AGENT WORKFLOW`;
|
|
184
|
+
- hosted workflow graph builder;
|
|
185
|
+
- governed memory;
|
|
186
|
+
- RBAC/SSO;
|
|
187
|
+
- hosted evidence ledger;
|
|
188
|
+
- central org-wide activity search;
|
|
189
|
+
- managed runner fleet;
|
|
190
|
+
- compliance exports;
|
|
191
|
+
- enterprise retention controls;
|
|
192
|
+
- production CDC machinery.
|
|
193
|
+
|
|
194
|
+
## Safety Boundary Verification
|
|
195
|
+
|
|
196
|
+
The runner keeps these out of the model-facing MCP tool surface:
|
|
197
|
+
|
|
198
|
+
- `execute_sql`;
|
|
199
|
+
- `raw_sql`;
|
|
200
|
+
- `query_database`;
|
|
201
|
+
- approval tools;
|
|
202
|
+
- reject tools;
|
|
203
|
+
- apply/commit/writeback tools;
|
|
204
|
+
- database URLs;
|
|
205
|
+
- write credentials;
|
|
206
|
+
- model-controlled tenant authority.
|
|
207
|
+
|
|
208
|
+
Approval, rejection, and writeback stay in CLI/UI/app-handler/runner paths
|
|
209
|
+
outside the MCP tool surface.
|
|
210
|
+
|
|
211
|
+
## Current Rough Edges
|
|
212
|
+
|
|
213
|
+
- The local UI is still proposal-review oriented. The CLI now has first-class
|
|
214
|
+
local evidence/search commands, but UI search/export for evidence/query-audit
|
|
215
|
+
is not yet a full dedicated workflow.
|
|
216
|
+
- Read-only evidence has CLI inspection and activity search, but read-only
|
|
217
|
+
replay is not a standalone replay object unless linked to a proposal.
|
|
218
|
+
- The current direct DB writeback adapter intentionally supports guarded
|
|
219
|
+
single-row `UPDATE` only. App-owned HTTP/command handlers are the path for
|
|
220
|
+
richer business writes.
|
|
221
|
+
- The alpha package requires Node >= 22.5.0 because the local ledger uses
|
|
222
|
+
Node's `node:sqlite` runtime. The package declares this and the bin wrapper
|
|
223
|
+
exits early with a clear message on older Node versions.
|
|
224
|
+
|
|
225
|
+
## Tests Covering This Inventory
|
|
226
|
+
|
|
227
|
+
Relevant local tests:
|
|
228
|
+
|
|
229
|
+
```bash
|
|
230
|
+
corepack pnpm exec vitest run packages/proposal-store/src/index.test.ts
|
|
231
|
+
corepack pnpm exec vitest run apps/runner/src/cli.test.ts
|
|
232
|
+
corepack pnpm exec vitest run packages/mcp-server/src/index.test.ts
|
|
233
|
+
corepack pnpm test:first-run
|
|
234
|
+
corepack pnpm test:mcp-client-configs
|
|
235
|
+
./scripts/verify-public-commands.sh
|
|
236
|
+
./scripts/verify-packed-runner.sh
|
|
237
|
+
```
|
|
238
|
+
|
|
239
|
+
The current implementation pass specifically added coverage for:
|
|
240
|
+
|
|
241
|
+
- unknown command nonzero behavior;
|
|
242
|
+
- unsupported search flags failing clearly;
|
|
243
|
+
- proposal filters by tenant/capability/object/status;
|
|
244
|
+
- evidence show/list/export JSON/Markdown;
|
|
245
|
+
- query-audit list/show/export;
|
|
246
|
+
- receipts list/show;
|
|
247
|
+
- replay by proposal id, replay id, and linked evidence id;
|
|
248
|
+
- replay JSON and Markdown export;
|
|
249
|
+
- activity search by tenant/object;
|
|
250
|
+
- local metadata indexes and idempotent migration/reopen.
|
|
251
|
+
- `demo --quick` creating an inspectable local fixture store;
|
|
252
|
+
- built-in audit example JSON/Markdown output;
|
|
253
|
+
- clean packed-tarball command execution.
|
|
254
|
+
- local store stats, vacuum, and dry-run/apply prune.
|
package/docs/operations.md
CHANGED
|
@@ -12,9 +12,9 @@
|
|
|
12
12
|
## Routine checks
|
|
13
13
|
|
|
14
14
|
```bash
|
|
15
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
16
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
17
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
15
|
+
npx -y -p @synapsor/runner@alpha synapsor doctor
|
|
16
|
+
npx -y -p @synapsor/runner@alpha synapsor validate --job examples/postgres-support/job.approved.json
|
|
17
|
+
npx -y -p @synapsor/runner@alpha synapsor validate --job examples/mysql-orders/job.approved.json
|
|
18
18
|
```
|
|
19
19
|
|
|
20
20
|
`doctor` validates local configuration, calls Synapsor's runner-token doctor endpoint, confirms the token is authenticated for the configured source, checks database reachability and engine version, creates/verifies `synapsor_writeback_receipts`, and performs a rollback-only receipt insert to prove the configured credential can write runner receipts. It does not mutate business tables.
|